You can configure trusted identity (ID) evaluators. The trusted ID evaluator determines whether or not to trust the identity-asserting authority.
About this task
This task provides the steps that are needed to configure trusted identity (ID) evaluators. The trusted ID evaluator determines whether to trust the identity-asserting authority. After the ID is trusted, WebSphere® Application Server issues the proper credentials based on the identity, which are used in a downstream call to another server for invoking resources. The trusted ID evaluator implements the com.ibm.wsspi.wssecurity.id.TrustedIDEvaluator interface.
You can configure the trusted ID evaluators on the server level and the cell level. In the following steps, use the first step to access the server-level default bindings and use the second step to access the cell-level bindings:
Procedure
- Access the default bindings for the server level.
  - Click .
  - Under Security, click JAX-WS and JAX-RPC security runtime.
    Mixed-version environment: In a mixed node cell with a server using WebSphere Application Server version 6.1 or earlier, click Web services: Default bindings for Web Services Security.
- Click to access the default bindings on the cell level.
- Under Additional properties, click Trusted ID evaluators.
- Click New to create a trusted ID evaluator configuration, click Delete to delete an existing configuration, or click the name of an existing configuration to edit its settings. If you are creating a new configuration, enter a unique name for the trusted ID evaluator configuration in the Trusted ID evaluator name field. This field specifies the name that the application binding uses to refer to a trusted identity (ID) evaluator that is defined in the default binding.
- Specify a class name in the Trusted ID evaluator class name field. The default class name is com.ibm.wsspi.wssecurity.id.TrustedIDEvaluatorImpl. The specified trusted ID evaluator class must implement the com.ibm.wsspi.wssecurity.id.TrustedIDEvaluator interface. When you use the default TrustedIDEvaluator class, you must specify name and value properties for the default trusted ID evaluator; these properties make up the trusted ID list that is used for evaluation.
- Under Additional properties, click Properties > New.
- Specify the trusted ID evaluator name as the property name. The property name must have the form trustedId_n, where n is an integer starting at zero (0), with one property per trusted ID.
- Specify the trusted ID as the property value. For example:
  property name="trustedId_0", value="CN=Bob,O=ACME,C=US"
  property name="trustedId_1", value="user1"
  If a distinguished name (DN) is used, spaces are removed from the DN before it is compared.
- Click OK and then Save.
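As an added illustration, not code from WebSphere or its TrustedIDEvaluatorImpl class, the following stand-alone Python model shows how trustedId_n properties like the ones above form a trusted ID list and how an asserted identity is checked against it, including the DN space-removal rule. It assumes that the numbering must be contiguous from zero and that IDs that are not DNs compare exactly; both are assumptions of this example, not documented product behaviour.

```python
"""Constructed model of trustedId_n evaluation (not the WebSphere class)."""
import re

# Property names that contribute to the trusted ID list: trustedId_0, trustedId_1, ...
TRUSTED_ID_KEY = re.compile(r"^trustedId_(\d+)$")


def load_trusted_ids(properties):
    """Build the ordered trusted ID list from a name/value property map.

    Names that do not match trustedId_n are ignored. Assumption of this
    model: n must run contiguously from 0, so a gap (trustedId_0 and
    trustedId_2 but no trustedId_1) is treated as a configuration error.
    """
    numbered = {}
    for name, value in properties.items():
        match = TRUSTED_ID_KEY.match(name)
        if match:
            numbered[int(match.group(1))] = value.strip()
    expected = list(range(len(numbered)))
    if sorted(numbered) != expected:
        raise ValueError(f"trustedId_n numbering not contiguous from 0: {sorted(numbered)}")
    return [numbered[i] for i in expected]


def normalize(identity):
    """Comparison form of an identity: a DN (contains '=') has all spaces
    removed, as the page states; any other ID is compared as-is (assumption)."""
    if "=" in identity:
        return identity.replace(" ", "")
    return identity


def is_trusted(asserted_id, trusted_ids):
    """True if the identity-asserting authority's ID is on the trusted list."""
    target = normalize(asserted_id)
    return any(normalize(entry) == target for entry in trusted_ids)


# Constructed sample mirroring the two properties shown in the procedure,
# plus one unrelated property to show it is ignored.
SAMPLE_PROPERTIES = {
    "trustedId_0": "CN=Bob,O=ACME,C=US",
    "trustedId_1": "user1",
    "description": "constructed example, not a trusted ID",
}

if __name__ == "__main__":
    ids = load_trusted_ids(SAMPLE_PROPERTIES)
    print(ids, is_trusted("CN=Bob, O=ACME, C=US", ids))
```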
Results
You have configured the trusted ID evaluators at the server or cell level.